blind signature scheme
DESCRIPTION
In 1982, a blind signature, as introduced by David Chaum. Blind Signature Scheme is a form of digital signature scheme which allows a person to get a message signed by another party without revealing any information about the message to the other party. This presentation introduces the theory behind the blind signature scheme, how to implement it with RSA public cryptographic scheme and various practical aspects of the scheme.TRANSCRIPT
![Page 1: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/1.jpg)
BLIND SIGNATURE SCHEME
By:
Asanka Balasooriya
Kelum Senanayake
![Page 2: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/2.jpg)
BLIND SIGNATURE SCHEME
“Blind Signature Scheme allows a person to get a
message signed by another party without revealing
any information about the message to the other
party.” – RSA Laboratory
Introduced by Dr. David Chaum in 1982.
Typical Analogy from the world of paper documents
Enclosing a message in a carbon paper lined envelop.
Writing a signature on the outside of the envelop.
Leaves a carbon copy of the signature on the paper
inside the envelop.
The signer does not view the message content
But a third party can later verify the signature
![Page 3: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/3.jpg)
ABOUT DR. DAVID CHAUM
Dr. David Chaum is the inventor of many cryptographic protocols, including blind signature schemes, commitment schemes, and digital cash.
He received his Ph.D. in Computer Science, with a minor in Business Administration, from the University of California at Berkeley.
In the area of cryptography, he has published over 45 original technical articles (see list of articles), received over 17 US patents.
Founder of the International Association for Cryptographic Research (IACR) In 1982.
Founder and a member of the Board of Directors of DigiCash Inc., a company that has pioneered electronic cash innovations.
![Page 4: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/4.jpg)
HOW BLIND SIGNATURE WORKS
Suppose Alice wants Bob to sign a message m,
but does not want Bob to know the contents of the
message.
Alice "blinds" the message m, with some random
number b (the blinding factor). This results in
blind(m,b).
Bob signs this message, resulting in
sign(blind(m,b),d), where d is Bob's private key.
Alice then unblinds the message using b,
resulting in unblind(sign(blind(m,b),d),b).
The functions are designed so that this reduces to
sign(m,d), i.e. Bob's signature on m.
![Page 5: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/5.jpg)
BLIND RSA SIGNATURES
Assume e is the public RSA exponent, d is the secret
RSA exponent and N is the RSA modulus.
Select random value r, such that r is relatively
prime to N (i.e. gcd(r, N) = 1)
r is raised to the public exponent e modulo N
remod N is used as a blinding factor
Because r is a random value, remod N is random
too.
![Page 6: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/6.jpg)
BLIND RSA SIGNATURES… CONT
![Page 7: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/7.jpg)
WHY WOULD BOB SIGN SOMETHING WITHOUT
KNOWING WHAT IT IS?
A trustee wishes to hold an election by secret
ballot.
Each elector is very concerned about keeping his
vote secret from the trustee.
Each vote should be signed by the trustee.
Blind signature solves this problem.
![Page 8: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/8.jpg)
WHY WOULD BOB SIGN SOMETHING WITHOUT
KNOWING WHAT IT IS?
Untraceable payment system
Consider a bank, payer and the payee
A single note will be formed by the payer
Signed by the bank
Provided to the payee
Cleared by the bank
![Page 9: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/9.jpg)
DANGERS OF BLIND SIGNING
RSA Blinding Attack.
In RSA the signing process is equivalent to
decrypting with the signers secret key.
An attacker can provide a blinded version of a
message m encrypted with the signers public
key, m' for them to sign.
When the attacker unblinds the signed version
they will have the clear text.
![Page 10: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/10.jpg)
RSA BLINDING ATTACK
![Page 11: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/11.jpg)
RSA BLINDING ATTACK … CONT
This attack works because in this blind signature
scheme the signer signs the message directly.
By contrast, in an traditional signature scheme the
signer would typically use a padding scheme.
Signing the result of a Cryptographic hash function
applied to the message, instead of signing the message
itself.
This would produce an incorrect value when unblinded.
In RSA the same key should never be used for both
encryption and signing purposes.
![Page 12: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/12.jpg)
REFERENCES
“Blind Signatures for Untraceable Payments,” D.
Chaum, Advances in Cryptology Proceedings of
Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman
(Eds.), Plenum, pp. 199-203.
RSA Laboratories - 7.3 What is a blind signature
scheme?[Online]. Available:
http://www.rsa.com/rsalabs/node.asp?id=2339
Blind signatures [Online]. Available:
http://www.cs.bham.ac.uk/~mdr/teaching/modules06/
netsec/lectures/blind_sigs.html
![Page 13: Blind Signature Scheme](https://reader038.vdocuments.us/reader038/viewer/2022100516/5461f779b1af9f71408b4dc5/html5/thumbnails/13.jpg)
THANK YOU